Newsvine Fraud News

September 28, 2008

Leveraging the NIST Framework for Effective Risk Management

Risk management has become a key priority for many companies. Yet, few really
understand what a comprehensive risk management strategy entails, or how to
effectively implement one across their entire enterprise.

That’s why many businesses are turning to the National Institute of Standards
and Technology (NIST) for guidance. NIST has designed a methodology for
implementing comprehensive and consistent risk management guidelines and
processes throughout the federal government. The goal is to maximize protection
of classified information contained within IT systems and services by ensuring
that common tools, solutions, and procedures are deployed and utilized among all
agencies. At the same time, the NIST methodology strives to create a secure
technology environment, without hindering the needed information sharing between
federal, state, and local offices.

Because it is so comprehensive, corporations are seeking to leverage this
framework for their own risk management purposes. For example, the NIST approach
has already taken into consideration all the factors that have put information
systems at greater risk than ever before, including:

The growing complexity of IT architectures

The increased sophistication of cyber criminals

The rising number of “virtual” assets that need to be protected

The need to balance security with real-time collaboration and data access and sharing requirements

Additionally, the NIST technique utilizes a phased approach
to risk management that can act as a guide to other companies, helping them
take the needed steps to implement true, enterprise-wide risk management, such
as:

Defining and measuring existing risks

Prioritizing threats based on likelihood, extent of potential damage, and acceptability

Identifying those staff members who will be responsible for risk management, and outlining their roles

Selecting, purchasing, and deploying the needed tools

Configuring all systems, databases, and services for maximum protection

Setting, documenting, and enforcing security monitoring procedures

Creating response processes to be executed in the event of a breach

Conducting ongoing auditing and analysis of current procedures, and continuous refinement as needed

And, because NIST created their recommendations to address broad, nationwide
security requirements, as well as the needs of various individual federal
agencies, they offer maximum flexibility. This is particularly important for
large, global organizations that need to standardize their risk management
activities, while allowing each department, office, or business unit to adjust
techniques as needed to satisfy unique security requirements.

Risk management initiatives require a tremendous amount of time and resources.
So, instead of starting from scratch, companies should look to NIST, and use
their existing framework as the basis for their projects. This will accelerate
the development and implementation of risk management strategies, while ensuring
success through the use of proven techniques and methodologies.